| Name | CVE-2026-42171 |
| Description | NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references). |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1134955 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| nsis (PTS) | bullseye | 3.06.1-1 | vulnerable |
| bullseye (security) | 3.06.1-1+deb11u1 | vulnerable |
| bookworm | 3.08-3+deb12u1 | vulnerable |
| forky, trixie | 3.11-1 | vulnerable |
| sid | 3.12-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| nsis | source | (unstable) | 3.12-1 | | | 1134955 |
Notes
[trixie] - nsis <no-dsa> (Minor issue)
[bookworm] - nsis <no-dsa> (Minor issue)
[bullseye] - nsis <postponed> (Minor issue; can be fixed in next update)
Fixed by: https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca (v312)